------=_Part_8252146_2085019966.1395820262425 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit
From: "Giuseppe Ragusa" <giuseppe.ragusa@hotmail.com> To: "Yedidyah Bar David" <didi@redhat.com> Cc: "Users@ovirt.org" <users@ovirt.org> Sent: Tuesday, March 25, 2014 11:49:36 PM Subject: RE: [Users] Otopi pre-seeded answers and firewall settings
Hi Didi, many thanks for your invaluable help!
I'll try your suggestion (/etc/ovirt-host-deploy.conf.d/99-prevent-iptables.conf) asap and then I will report back.
By the way: I have a really custom iptables setup (multiple separated networks on hypervisor hosts), so I suppose it's best to hand tune firewall rules and then leave them alone (I pre-configure them, so the setup procedure won't be impeded in its communication needs anyway AND I will always guarantee the most stringent filtering possible with default deny ecc.).
</blockquote><div><br></div><div>I now asked Sandro and he told me the obv= ious: In the "New Host" form there is a checkbox for that :-)</div><div><br= </div><div>In hosted-engine we do not support that, it's always set - '<sp= an style=3D"font-family: monospace; font-size: 12px; white-space: pre; back= ground-color: #ffffff;" data-mce-style=3D"font-family: monospace; font-size= : 12px; white-space: pre; background-color: #ffffff;">override_iptables=3DT= rue</span>' in [1].</div><div><br></div><div>You can open a bug if you want= , to make this configurable.</div><div><br></div><div>It might make sense t= o use the value input in the question about iptables, but these are differe= nt issues.</div><div><br></div><div>[1] <a href=3D"http://gerrit.ovirt= .org/gitweb?p=3Dovirt-hosted-engine-setup.git;a=3Dblob;f=3Dsrc/plugins/ovir= t-hosted-engine-setup/engine/add_host.py" data-mce-href=3D"http://gerrit.ov= irt.org/gitweb?p=3Dovirt-hosted-engine-setup.git;a=3Dblob;f=3Dsrc/plugins/o= virt-hosted-engine-setup/engine/add_host.py">http://gerrit.ovirt.org/gitweb= ?p=3Dovirt-hosted-engine-setup.git;a=3Dblob;f=3Dsrc/plugins/ovirt-hosted-en= gine-setup/engine/add_host.py</a></div><div><span style=3D"font-size: 12pt;= ">-- </span></div><div><span name=3D"x"></span>Didi<br><span name=3D"x= "></span><br></div><style><!-- .ExternalClass .ecxhmmessage P {
I now asked Sandro and he told me the obvious: In the "New Host" form there is a checkbox for that :-) In hosted-engine we do not support that, it's always set - ' override_iptables=True ' in [1]. You can open a bug if you want, to make this configurable. It might make sense to use the value input in the question about iptables, but these are different issues. [1] http://gerrit.ovirt.org/gitweb?p=ovirt-hosted-engine-setup.git;a=blob;f=src/... -- Didi ------=_Part_8252146_2085019966.1395820262425 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable <html><body><div style=3D"font-family: times new roman, new york, times, se= rif; font-size: 12pt; color: #000000"><div></div><blockquote style=3D"borde= r-left:2px solid #1010FF;margin-left:5px;padding-left:5px;color:#000;font-w= eight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,A= rial,sans-serif;font-size:12pt;"><b>From: </b>"Giuseppe Ragusa" <giusepp= e.ragusa@hotmail.com><br><b>To: </b>"Yedidyah Bar David" <didi@redhat= .com><br><b>Cc: </b>"Users@ovirt.org" <users@ovirt.org><br><b>Sent= : </b>Tuesday, March 25, 2014 11:49:36 PM<br><b>Subject: </b>RE: [Users] Ot= opi pre-seeded answers and firewall settings<br><div><br></div><style><!-- .hmmessage P { margin:0px; padding:0px } body.hmmessage { font-size: 12pt; font-family:Calibri } --></style><div dir=3D"ltr">Hi Didi,<br>many thanks for your invaluable hel= p!<br><div><br></div>I'll try your suggestion (/etc/ovirt-host-deploy.conf.= d/99-prevent-iptables.conf) asap and then I will report back.<br><div><br><= /div>By the way: I have a really custom iptables setup (multiple separated = networks on hypervisor hosts), so I suppose it's best to hand tune firewall= rules and then leave them alone (I pre-configure them, so the setup proced= ure won't be impeded in its communication needs anyway AND I will always gu= arantee the most stringent filtering possible with default deny ecc.).</div= padding:0px; } .ExternalClass body.ecxhmmessage { font-size:12pt; font-family:Calibri; } --></style></div></body></html> ------=_Part_8252146_2085019966.1395820262425--